Privacy Policy

Last updated: March 17, 2026

Data Controller

Planet Positive Sport is operated by Planet Positive Sport d.o.o.. As the data controller, Planet Positive Sport d.o.o. is responsible for deciding how your personal data is processed and for what purposes.

Personal Data We Collect

When you create an account and use our platform, we collect the following personal data:

  • Full name — to identify you within the platform
  • Email address — for account authentication and communication
  • Organization name — to associate you with your federation or event organizer
  • User role — to provide role-appropriate access (e.g., LOC, Expert, Supplier, Admin)
  • Event assessment data — sustainability questionnaire responses and supporting documents you submit

Purpose of Processing

We process your personal data for the following purposes:

  • Account creation and management — to provide you access to the platform
  • Service delivery — to facilitate sustainability assessments, certification, and reporting for sporting events
  • Communication — to send account-related notifications such as email verification, approval status, and password resets
  • Platform improvement — to analyze usage patterns and improve the service (aggregated, non-identifying data only)

Legal Basis for Processing

  • Contract performance (Article 6(1)(b) GDPR) — processing necessary to deliver the service you signed up for
  • Legitimate interest (Article 6(1)(f) GDPR) — platform security, fraud prevention, and service improvement
  • Consent (Article 6(1)(a) GDPR) — where applicable, for optional communications beyond core service delivery

Cookies and Authentication

This application uses a single, strictly necessary session cookie (__sid) for authentication purposes. This cookie is essential for the platform to function and allows you to remain signed in during your session. We do not use any tracking cookies, analytics cookies, or third-party cookies.

This session cookie is exempt from consent requirements under Article 5(3) of the ePrivacy Directive, as it is strictly necessary for the provision of the service you have requested.

Data Retention

We retain your personal data for as long as your account is active and as needed to provide you the service. If you request account deletion, your personal data will be erased within 30 days, except where retention is required by law. Event assessment data may be retained in anonymized form for statistical and benchmarking purposes.

Third-Party Processors

We use the following third-party services to operate the platform:

  • Cloud hosting (AWS) — for secure data storage and application hosting, with data processed within the EU
  • Email service provider — for sending transactional emails (account verification, password resets, notifications)

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate personal data
  • Right to erasure — request deletion of your personal data ("right to be forgotten")
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to restriction — request that we limit how we process your data
  • Right to object — object to processing based on legitimate interest

To exercise any of these rights, please contact us using the details below. We will respond to your request within 30 days.

Contact Us

For any questions about this privacy policy or to exercise your data protection rights, please contact us:

privacy@planetpositivesport.com

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable law. When we make significant changes, we will notify you through the platform or via email. We encourage you to review this page periodically.